General

  • Target: 11aae5919d02486632bf416282ff5106fa8f635070d9f8c0aaf6fd7050284f54

  • Size: 5.7MB

  • Sample: 240531-a684gsgf4v

  • MD5: 8032b8948bdbe0cb254d0cdd1aefe53d

  • SHA1: c26674c074b4ed5eb5180f8922efb83fe513a365

  • SHA256: 11aae5919d02486632bf416282ff5106fa8f635070d9f8c0aaf6fd7050284f54

  • SHA512: 773d20a7b8c206e6170e410c27bdf0886d44decdab294a27fb0058f93effda60cafb739d9ce6647c878d3895b13ffca2865b811b7da7e2e4f109e7720aa423a4

  • SSDEEP: 98304:mIiruimyJUV6VpCI4Sd2JDLXvgeHh+VxuTW7+Z27YlqRmaQzp3ppKwuiQ8YWbm9r:LQc7IW20vvgs+ffftgaQzp5pKDirbuZp

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks